Exclusive: Indian Intelligence Infiltrated US Government Networks

Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "...an investigation into the matter had revealed that the company's networks had indeed been compromised"...

"YamaTough, spokesperson for the hacktivist group “The Lords of Dharmaraja”, informed Infosec Island of plans to release source code for Symantec's PCAnywhere. The release is to be made prior to the threatened exposure of the full source code for the Norton antivirus..."

The hacktivist responsible for exposing the source code for a leading antivirus product, as well as posting documents that showed the United States-China Economic and Security Review Commission (USCC) was possibly breached, has provided Infosec Island with evidence that Indian government operatives have successfully infiltrated other sensitive US government networks.

Symantec has since denied providing the Indian government with the NAV source code, and both Apple and RIM have likewise denied any cooperation with Indian agencies, according to reports. Nokia has so far declined to comment on the allegations.

One of the alleged targets of the Indian intelligence operations is reported to have been the US-China Economic and Security Review Commission (USCC), created in the year 2000 “to monitor, investigate, and submit to Congress an annual report on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China,” according to the organization’s website.

Each of these events individually could be considered of great importance from a security standpoint, and together they paint a picture of an overzealous Indian intelligence apparatus that gives the US government legitimate reason for concern.

Now YamaTough has provided potentially damning evidence that the Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.

Infosec Island received what was described as merely a “sample” of what the group “The Lords of Dharmaraja” claim to have in their possession.

The data included sixty-eight sets of usernames and passwords for compromised US government network accounts, which were said to have been acquired by hacking multiple servers belonging to India’s Ministry of External Affairs (mea.gov.in) and the National Informatics Centre (nic.in), amongst others.

In the best interest of the federal, state and local governments affected and their constituents, Infosec Island will not publish the compromised account data. We have provided the information to the proper authorities and are fully cooperating with law enforcement, including delaying the publication of this article in an effort to avoid hindering their investigation.

YamaTough has also indicated the group is in possession of data from numerous companies other than Symantec, and they have yet to decide whether or not they will make the information public, though they have stated to Infosec Island that they may be inclined to do so.

As for the group’s motivations, YamaTough told Infosec Island that “The Lords of Dharmaraja” seek to undermine the current Indian “regime” in favor of a more solidly “pro-American” alternative, as well as lessening the influence of Indian telecom mogul Sunil Bharti Mittal, chairman and CEO of Bharti Enterprises.

“…my team is pro US, we fight for rights in our country, we do not intentionally harm US companies (sometimes we do hack into them since our botnet is worldwide) but we do not steal credit cards and make money off it and we do not do banks etc. Our mission - exposure of the corruption,” YamaTough continued.

“We wanna apologize for harm taken by Symantec, the USCC and others, but without them being involved things which do occur in our state would never be covered and taken to the public, sometimes you have to sacrifice in order to achieve... and we do not approve sharing personal data and source code with foreign governments. We want a free and nice India and not a police state,” YamaTough proclaimed.

Infosec Island will follow up this article with an exclusive interview with YamaTough that will contain more details of the group’s activities as well as analysis by leading security experts. Stay tuned…

So if you believe Symantec and whatever evidence they provided, NO AV PRODUCTS WERE AFFECTED.

Might want to mention conflicting information when publishing content. Good research provides good results.

2012-01-11 14:35:59 UTC

Anthony M. Freed
Thanks for the 101 lesson in Google searches, Fred. Perhaps with a little more research you would have seen that it was Infosec Island who provided the sample of source code to Symantec for analysis:

And I doubt that any publicly traded company would run out and announce anything other than "nothing to see here, move along" after an event like this. The expectation of full disclosure in the midst of a crisis is naive at best.

2012-01-11 14:54:29 UTC

Fred Fredburger
That wasn't Google 101, that was mailing list 101. #tryharder You may want to work on how you handle criticism. As for comments, you may also have noticed the "if you believe Symantec" disclaimer, which would indicate I don't personally have 100% faith in Big Yellow, and that I am naive. I see 5 days ago you debated this very topic with Mann, resolved in favor of "no current code", assuming Mann can be believed. And yet no mention of it in the current missive.

2012-01-11 15:10:21 UTC

Laura Walker
Masterful balance of interests, trust and CYA on the tightrope of verifying the hack, coordinating with Symantec and authorities and getting the story out without burning either side.

2012-01-11 15:11:04 UTC

Anthony M. Freed
What does "current code" even mean? I wonder what the likelihood is that all of the NAV code was completely re-written since 2006. It obviously was not between 1998 and 2006 according to the information that has been released. Anyway, the mention of NAV was only as background on the events leading up to this disclosure regarding Indian intel operatives infiltrating US government networks, so it was not meant to be encyclopedic. Laura has a good understanding of what we had to deal with to get even this much of the story out.

Anthony M. Freed
Thanks, Fred - I wish he would follow up on his assertions - mostly I just see rants and insults on his Twitter stream, so I'm not sure if Mann is even a real player.

2012-01-11 15:34:01 UTC

Laura Walker
Restraint on all sides is yielding useful information and an ongoing dialogue. Smacktalk is pointless here. Might as well go lecture Sabu and see where it gets you =)

2012-01-11 15:42:35 UTC

Yama Tougher
Who wants the Symantec story as of now? Who cares about Symantec as of now?
You guys should care not about one corporate entity but about the whole of homeland security, and why a foreign entity should know how much tax you pay and what clarity your contact lenses are, Laura and Fred?

2012-01-11 17:26:33 UTC

The spying of friendly nation-states against one another is common and expected. We spy on our friends as they spy on us.

The desire by India to target US-Chinese activities is not unusual. US involvement with the Indian economy and beyond, tied to China's status as a neighbor, presents India with a need to understand all such relationships. The real questions for me center upon the deals made by RIM, Nokia and Apple with the Indian government. What share of the market was guaranteed by the government for each in exchange for these backdoors? What other backdoors have been provided by these three (and others), and to whom? What intent does the Indian government have with respect to using these backdoors, and do they have the capacity to absorb the yottabytes of data they will collect? Will they contract the US to help manage this data, or sell the data to other organizations? Will they use it to squash civil liberties?

Another thought comes to mind relative to Chinese requirements for the turnover of source code by Microsoft, Check Point and others as a requirement to sell into Chinese markets. The Chinese are overt with their requirements, while India may be otherwise. Regardless, pay to play is a requirement for many types of businesses operating in global markets. We call it bribery and graft. World markets see it as a norm for getting business done.

As for the source code, my thought here is: so what. Cybercriminals reverse engineer all such code as it is, and signature-based solutions cover 25% at best and maybe only 50% of the time. Source code that is 6 years old is not a concern. How it got into Indian hands may be the question to pursue.

Usually when something of this sort is uncovered, it is merely the tip of the iceberg as to what is really going on. Steps taken (or not taken) by the US Government should give an indication of the seriousness of the activity.

2012-01-11 17:29:44 UTC

Richard Stiennon
Thank you YamaTough for chiming in. Point very well taken. Symantec is not the story.

2012-01-11 18:02:33 UTC

Krypt3ia
Yes, we all spy on one another... And yes Symantec is not the story. What is more the story is what has been going on with Anonymous and activity like that of Yama. Things are coming out via hacks that show that corporations are selling technologies with backdoors or using their insight into their products to use them as a form of control over their populace.

That is the story...

Now, as to the provenance of the documents... Well, let's see them and run some forensics on them to see what we get before saying they are authentic, eh?

Yama Tougher
It would be stupid thinking that the involved party admits to the authenticity of the documents - they had a hard time admitting to the Paris leak, now they state that office Singh doesn't exist =) They will deny it anyway. Let's make the USA decide what's authentic and what is not. We still have 1000 "leak" missiles to launch at the Indian government to prove otherwise. No matter how they deny it - there are independent parties who will get to a point where lying turns into "hara-kiri".

Krypt3ia
@Yama Who said anything about anyone admitting to anything? Forensics is about proof. It may not be enough to prove the dox came from the source you claim. Hell, it would be easier if you released data you have proving your hack.

2012-01-12 14:10:18 UTC

Krypt3ia
Well, it seems like this is all turning out to be #disinformation after all...
